What Security Components Comprise a SASE Solution?

SASE Security

It’s been nearly a year since Gartner introduced Secure Access Service Edge (SASE). The architecture converges enterprise networking and security into a single solution, and it has become the predominant approach for the future of both. Every major enterprise networking and security vendor today claims to offer SASE, if not as a product then as a stated strategy. But what security components actually comprise SASE? Here’s a quick rundown of SASE’s security features:

Next-generation firewall (NGFW) restricts access to other locations. Unlike legacy stateful firewalls, an NGFW provides application awareness and control to protect against the spread of malware and other application-layer attacks. An NGFW can be delivered as an on-premises solution or from the cloud, in which case it’s a firewall as a service (FWaaS).

Secure Web Gateway (SWG) restricts access to Internet and cloud resources and provides advanced threat protection against malware in user-initiated Web/Internet traffic. All SWGs inspect HTTP/HTTPS traffic, but some also cover all ports and protocols.

Software Defined Perimeter (SDP), also called zero trust network access (ZTNA), restricts access to applications based on identity and real-time context. While thought of as applying to remote and mobile users, SDP/ZTNA is seen as extending to network users as well. Rather than connecting to the network, users of SDP/ZTNA first authenticate with a broker, which then provides a portal of permitted applications and network resources. As such, users have application access but not general network access, minimizing lateral movement across the network.

Intrusion Detection/Prevention Systems (IDS/IPS) analyze network flows for signatures of known cyberattacks. IDSs detect attacks; IPSs stop attacks. Because IPSs impact the flow rather than merely monitor it, enterprises need to be particularly careful that adding signatures won’t result in false positives that unnecessarily interfere with user workflows.

Remote Browser Isolation (RBI) protects users from Web-based attacks by shielding them from the Internet. An RBI system sits between the users and the websites they browse, sending a user’s browser an image of the browsed site. No content is executed on user machines, protecting them from most Web threats. 

Cloud Access Service Brokers (CASBs) identify and protect data in the cloud. CASBs provide a central point to enforce policies and provide visibility into user activities. CASBs generally include DLP to enforce policies, threat protection to prevent users from accessing specific cloud services, and compliance capabilities.

Web Application and API Protection (WAAP) delivers multiple security modules for inspecting and protecting traffic at the Web layer. WAAP’s core features include WAF, bot mitigation, protection against DDoS, and API protection, with the depth of security available varying by module.

Data Loss Prevention (DLP) identifies and prevents the use of sensitive information, such as social security numbers or metadata, within data streams. DLP systems inspect content and analyze user actions to identify activity involving confidential information that is out of compliance with company guidelines and regulations.

Data Masking goes a step further than DLP by masking data for reasons of privacy or compliance. Data Masking is a one-way process that replaces sensitive data, such as social security numbers, with other realistic-looking data.
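The DLP and Data Masking descriptions above can be tied together in a short added example (not code from any SASE vendor or from this post): a pattern detector flags social security numbers in a stream, and a keyed one-way function swaps each for a realistic-looking substitute. The key, the sample records and the function names are constructed for illustration, and HMAC-based substitution is an assumption here, one of several masking techniques.

```python
import hashlib
import hmac
import re

# Constructed key for this example; keep a real masking key in a secrets manager.
MASKING_KEY = b"constructed-example-key"

# DLP-style detector: AAA-GG-SSSS, rejecting never-issued areas (000, 666, 9xx),
# group 00 and serial 0000 to cut false positives on ticket or part numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed sample records.
SAMPLE = "\n".join([
    "user=alice note='SSN 123-45-6789 on file'",
    "user=bob ticket=000-12-3456 priority=high",
    "user=alice export row ssn=123-45-6789",
])


def find_ssns(text):
    """Return every SSN-shaped value the detector flags in text."""
    return SSN_RE.findall(text)


def mask_ssn(ssn, key=MASKING_KEY):
    """Map an SSN to a realistic-looking substitute using keyed HMAC-SHA256.

    One-way: the output cannot be reversed without the key. The SSN space is
    small enough to enumerate, so anyone holding the key can rebuild the
    mapping; key secrecy is what keeps the masking one-way in practice.
    Deterministic: the same input always yields the same substitute, so
    joins across masked datasets still line up.
    """
    n = int.from_bytes(hmac.new(key, ssn.encode(), hashlib.sha256).digest(), "big")
    area = 1 + n % 665                     # 001..665, skips 000, 666 and 9xx
    group = 1 + (n // 665) % 99            # 01..99
    serial = 1 + (n // (665 * 99)) % 9999  # 0001..9999
    return f"{area:03d}-{group:02d}-{serial:04d}"


def mask_text(text, key=MASKING_KEY):
    """Replace each detected SSN in text with its masked substitute."""
    return SSN_RE.sub(lambda m: mask_ssn(m.group(0), key), text)


if __name__ == "__main__":
    print(find_ssns(SAMPLE))
    print(mask_text(SAMPLE))
```

Because the substitutes keep a valid SSN shape, a downstream DLP rule will still flag masked records; tag masked datasets so they are not mistaken for leaks of real values.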

User and Entity Behavior Analytics (UEBA) analyzes user behavior and applies advanced analytics to detect anomalies.

While it might be a challenge to find a single vendor that offers all these functions as an integrated solution, they do exist.
